; Policies ; Formatting ; Policy: name ; Descrp: Detailed description of the policy ; Xample: The ip address 1.2.3.4 broke this policy ; Note: All examples are totally ficticious and don't exist in my drop lists. Policy: non-us Description: Non US IP addresses are typically not allowed to connect. I don't go looking for these non-us IP addresses, but if they come to me and look suspicious (like failed authentication attempts with phony credentials) I'll drop that IP and it's whole space according to a whois lookup. Example: The ip address 1.2.3.4 fails to authenticate against a server. I'm alerted, so I do a whois lookup for 1.2.3.4. I notice that the 1.2.3.0/24 space is registered to EvilCorp in Imaginaryland (ZZ). I add the 1.2.3.0/24 space to the blocklist and tag it with a ticket number. Policy: failed-login Description: Failed authentication requests are logged and ratted out to me. If the failed credentials look obviously fake, I'll do a whois lookup and block either that IP or that IP space (depending on the reputability of the IP space owner). Example: 1.2.3.4 fails to login as the user "user" who obviously doesn't exist. I'm alerted, so I do a whois lookup, and depending on the whois lookup I might or might not block the whole space (but I'll probably block at least the offending IP). Policy: Alert-US-Hosts Descrp: IP addresses registered in the United States shall be alerted via contact in ARIN for abuse or policy violations. Example: IP 1.2.3.4 violates a poicy. Whois lookup reveals 1.2.3.4 is registered to a US based company, and a contact abuse@noc.1.2.3.0net is available. An email will be sent detailing policy violations and timestamps of offending violations. Policy: bad-provider Descrp: If a particular ip space is registered to a provider who appears elsewhere on this list, that ip space will be banned. Example: Suppose IP 1.2.3.4 violates a policy. A whois lookup indicates that the IP is registered to EvilCorp Intl, who has been seen before on the list. That IP block registered to EvilCorp Intl will be blocked.